
May 27, 2013

Hashing in PHP - Best security tips

Hashing in PHP is a one-way encoding of a string, most often a password.
One big mistake is storing passwords in the database in plain text, without hashing them.
Anyone who gets access to the database can then log in directly.
The most commonly used hash types in PHP are md5, sha1, sha256 and sha512. Of these, sha512 is the strongest.
MD5 hashes can be cracked very quickly because of large lists of precomputed password combinations.
There are sites that look up md5 hashes; there is a good chance your hash will be cracked, because they may already have the md5 hash of your password stored in their database.

Best tips:

Use sha512

Use a strong password

Use salts

Let's take an example of sha512:

<?php echo hash('sha512', 'mypass'); ?>

A password that mixes different kinds of characters is better, e.g. gA@2#j,J%19&

Salts

A salt is a secret word that gets combined with the password or the hash. This method is the best, as long as the attacker does not have file read access to read the hash.
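The salting described above, as an added example that is not code from the original post: the secret word is mixed in with hash_hmac(), and a random per-user salt is stored next to the hash so that two users with the same password get different hashes. The function names, the SITE_SECRET value and the record format are assumptions made for illustration.

```php
<?php
// Added example, not from the original post.
// SITE_SECRET is a constructed placeholder for the "secret word";
// keep the real one in a file outside the web root, not in the database.
define('SITE_SECRET', 'replace-with-your-own-secret-word');

// Hypothetical helper: build the string to store for a new password.
function make_record($password)
{
    // Random per-user salt; random_bytes() needs PHP 7 or newer.
    $salt = bin2hex(random_bytes(16));
    // Keyed SHA-512 over salt + password, using the secret word as the key.
    $hash = hash_hmac('sha512', $salt . $password, SITE_SECRET);
    // The salt is stored in the clear next to the hash.
    return $salt . '$' . $hash;
}

// Hypothetical helper: check a login attempt against a stored record.
function check_password($password, $record)
{
    $parts = explode('$', $record, 2);
    if (count($parts) !== 2) {
        return false; // malformed record
    }
    list($salt, $expected) = $parts;
    $actual = hash_hmac('sha512', $salt . $password, SITE_SECRET);
    // hash_equals() compares in constant time (PHP 5.6 or newer).
    return hash_equals($expected, $actual);
}

// Constructed sample input: the same password stored for two users.
$first  = make_record('gA@2#j,J%19&');
$second = make_record('gA@2#j,J%19&');

// The two records differ because each has its own salt,
// so one precomputed lookup list cannot match both.
var_dump($first === $second);

// The right password verifies, a wrong one does not.
var_dump(check_password('gA@2#j,J%19&', $first));
var_dump(check_password('mypass', $first));
```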